Major security issue that has not been fixed.

This topic contains 2 replies, has 2 voices, and was last updated by WCFM Forum WCFM Forum 3 days, 7 hours ago.

  • Author
    Posts
  • #84831
    Avatar
    edo hopar
    Participant

    Hello,

    A few days ago another user posted here that Affiliate has access to Site Settings and you guys have not fixed this. You do realize that any affiliate can take all profits from the website owner if you do not fix this issue.

    WARNING: WCFM AFFILIATE Account has access to SETTINGS, including Payment settings, Commission Settings, VENDOR COMMISSION SETTINGS, Product, Store and many other ADMIN Settings.

    When affiliates log in, it takes them to their Affiliate Dashboard. Example

    https://mywebsite.com/store-manager/affiliates/

    NOW, While logged in as an affiliate, If you replace the URL with https://mywebsite.com/store-manager/SETTINGS/ you will get access to ADMIN SETTINGS…

    FIX THIS PLEASE. AFFILIATES SHOULD NOT HAVE ACCESS TO ALL THESE.

    Attachments:
    You must be logged in to view attached files.
  • #85970
    Avatar
    edo hopar
    Participant

    Has any one of you guys had a chance to look in to this problem?
    It has been over 1 week I have posted this issue and you have not fixed it or responded

  • #86181
    WCFM Forum
    WCFM Forum
    Keymaster

    We will take care of this in next update.

You must be logged in to reply to this topic.